The OVAL Interpreter is a freely available reference implementation created to show how information can be collected from a computer for testing, to evaluate and carry out the OVAL Definitions for that platform, and to report the results of the tests. Previous versions of the Interpreter and its source code are available in the OVAL archive.

MITRE developed the reference Interpreter to demonstrate the usability of OVAL Definitions, and for definition writers to use to ensure correct syntax and adherence to the OVAL Schemas during the development of draft definitions. It is not a fully functional scanning tool and has a simplistic user interface, but running the Interpreter will provide you with a list of OVAL-IDs and their references (e.g., CVE names) determined by OVAL to be present on the system.

Founded in June of 2005, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. OpenRCE aims to serve as a centralized resource for reverse engineers by hosting files, blogs, forums, articles and a unique collection of reference material.

Reference materials include papers, a book store, an anti reverse engineering database, an IDA SDK development language reference, a database of packer analysis notes and a database mapping the call chains between popular Windows APIs.

This project is an attempt to develop a real decompiler for machine code programs through the open source community. A decompiler takes as input an executable file, and attempts to create a high level, compilable, possibly even maintainable source file that does the same thing. It is therefore the opposite of a compiler, which takes a source file and makes an executable. However, a general decompiler does not attempt to reverse every action of the compiler; rather it transforms the input program repeatedly until the result is high level source code. It therefore won't recreate the original source file; probably nothing like it. It does not matter if the executable file has symbols or not, or was compiled from any particular language. (However, declarative languages like ML are not considered.)

The intent is to create a retargetable decompiler (i.e. one that can decompile different types of machine code files with modest effort, e.g. x86-Windows, SPARC-Solaris, etc). It was also intended to be highly modular, so that different parts of the decompiler can be replaced with experimental modules. It was intended to eventually become interactive, a la IDA Pro, because some things (not just variable names and comments, though these are obviously very important) require expert intervention. Whether the interactivity belongs in the decompiler or in a separate tool remains unclear.

By transforming the semantics of individual instructions, and using powerful techniques such as static single assignment dataflow analysis, Boomerang should be (largely) independent of the exact behaviour of the compiler that happened to be used. Optimization should not affect the results. Hence, the goal is a general decompiler.

The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows or on Linux. IDA Pro has become the de facto standard for the analysis of hostile code, vulnerability research and COTS validation.

Prevent SQS (Software Quality System) is the leading automated approach to identifying and resolving the most critical defects in C, C++ and Java source code. By providing a complete understanding of your build environment, source code, and development process, Prevent SQS sets the standard for enabling high quality software. Static source code analysis allows organizations to find and fix defects at the earliest stage in the software development life cycle, saving millions of dollars in associated costs. Prevent SQS is the industry standard because only Coverity understands the strict requirements of static source code analysis.

Coverity understands build systems—Prevent SQS maps software by monitoring your build system at the operating system process level to obtain a clear view of every operation.

Coverity understands source code—Prevent SQS identifies more information about source code than any other product on the market today; its structure, its meaning, and its intent are all utilized to uncover critical flaws and vulnerabilities.

Coverity understands developers—Prevent SQS resolves defects by providing users with a customizable workflow, comprehensive analytics, and easy-to-use tools that allow defects to be addressed within minutes.

Fortify SCA is the world's most proven and widely used source code security analysis solution. Its advanced features enable security professionals to review more code and prioritize issues in less time, while helping development teams identify and fix issues early and with less effort. Fortify SCA supports a wide variety of languages, frameworks and operating systems and delivers depth and accuracy in its results. It can be tuned to be comprehensive when completeness is needed or extremely targeted for day-to-day use in development. It makes triage, full-scale audits and remediation fast and effective.

pscan checks C source code for problematic uses of printf style functions such as "sprintf(buffer, variable)", which have been the source of many security holes. It does not check for buffer overflows or other misuse of function parameters.

Flawfinder is a program that examines source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

MOPS is a tool for finding security bugs in C programs and for verifying conformance to rules of defensive programming. This is targeted at developers writing security-critical programs and at security auditors reviewing the security of existing C code.

Doxygen is a documentation system for C++, C, Java, Objective-C, Python, IDL (CORBA and Microsoft flavors) and to some extent PHP and C#.

It can help you in three ways:

It can generate an on-line documentation browser (in HTML) and/or an off-line reference manual (in LaTeX) from a set of documented source files. There is also support for generating output in RTF (MS-Word), PostScript, hyperlinked PDF, compressed HTML, and Unix man pages. The documentation is extracted directly from the sources, which makes it much easier to keep the documentation consistent with the source code.

You can configure Doxygen to extract the code structure from undocumented source files. This is very useful to quickly find your way in large source distributions. You can also visualize the relations between the various elements by means of include dependency graphs, inheritance diagrams, and collaboration diagrams, which are all generated automatically.

Doxygen is developed under Linux and Mac OS X, but is set up to be highly portable. As a result, it runs on most other Unix flavors as well. Furthermore, executables for Windows are available.

LCOV is an extension of gcov, a GNU tool which provides information about what parts of a program are actually executed (i.e. "covered") while running a particular test case. The extension consists of a set of Perl scripts which build on the textual gcov output to implement the following enhanced functionality:

HTML based output: coverage rates are additionally indicated using bar graphs and specific colors.
Support for large projects: overview pages allow quick browsing of coverage data by providing three levels of detail: directory view, file view and source code view.

LCOV was initially designed to support Linux kernel coverage measurements (requires the gcov-kernel package), but works as well for coverage measurements on standard user space applications.

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is shareware, but you can download and use it for free. Special highlights are:

rcov is a WEBrick application that uses the compile/runtime output generated by gcov, uses the browser for navigation (tested with Firefox and Safari), cross links the source using ctags and decorates the output using the runtime coverage data generated by the program under execution. You can think of this as a cross between Doxygen and LCOV.

Once rcov is fired up with the root directory of the target's source, it will first read the various gcda files generated by the compiler. It will then listen on localhost:8080 and you can point your browser to this URL. Run your fuzzer against the target and each time the target exits, the gcov compiled target will dump a bunch of gcno files. Refresh your browser window and you should see the source files updated with coverage information.

PaiMei is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's Swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The framework breaks down into the following core components:

PyDbg: a pure Python Win32 debugging abstraction class.

pGRAPH: a graph abstraction layer with separate classes for nodes, edges and clusters.

PIDA: built on top of pGRAPH, PIDA aims to provide an abstract and persistent interface over binaries (DLLs and EXEs) with separate classes for representing functions, basic blocks and instructions. The end result is the creation of a portable file that when loaded allows you to arbitrarily navigate throughout the entire original binary. A layer above the core components you will find the remainder of the PaiMei framework broken into the following over-arching components:

Utilities: a set of utilities for accomplishing various repetitive tasks.

Console: a pluggable wxPython GUI for quickly and efficiently rolling out your own sexy RE utilities.

Scripts: individual scripts for accomplishing various tasks. One very important example of which is the pida_dump.py IDAPython script which is run from IDA to generate .pida modules.